
UNIRAS Brief - 408/06 - Two Red Hat Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 408/06 dated 15.06.06  Time: 14:15  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Two Red Hat Security Advisories:

1. RHSA-2006:0515-01 - Important: sendmail security update
       
2. RHSA-2006:0548-01 - Important: kdebase security update

Detail
====== 

1. A flaw in the handling of multi-part MIME messages was discovered in
Sendmail.  A remote attacker could create a carefully crafted message that
could crash the sendmail process during delivery (CVE-2006-1173).  By
default on Red Hat Enterprise Linux, Sendmail is configured to only accept
connections from the local host. 

2. Ludwig Nussel discovered a flaw in KDM. A malicious local KDM user could
use a symlink attack to read an arbitrary file that they would not normally
have permissions to read. (CVE-2006-2449)





1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: sendmail security update
Advisory ID:       RHSA-2006:0515-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0515.html
Issue date:        2006-06-14
Updated on:        2006-06-14
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-1173 
- - ---------------------------------------------------------------------

1. Summary:

Updated sendmail packages are now available to fix a denial of service
security issue.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.

A flaw in the handling of multi-part MIME messages was discovered in
Sendmail.  A remote attacker could create a carefully crafted message that
could crash the sendmail process during delivery (CVE-2006-1173).  By
default on Red Hat Enterprise Linux, Sendmail is configured to only accept
connections from the local host. Therefore, only users who have configured
Sendmail to listen to remote hosts would be remotely vulnerable to this issue.

Users of Sendmail are advised to upgrade to these erratum packages, which
contain a backported patch from the Sendmail team to correct this issue.
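
The exposure condition described above (remote reachability only when Sendmail has been configured to listen beyond the local host) can be checked from the generated configuration. This is an added example, not part of the Red Hat advisory or the UNIRAS briefing; the function names and the sample sendmail.cf contents are constructed for illustration, and the real file is normally /etc/mail/sendmail.cf.

```shell
#!/bin/sh
# Added example: classify the listeners declared in a sendmail.cf as
# loopback-only or exposed, to decide whether CVE-2006-1173 is remotely
# reachable on a host that has not yet been patched.

# Print one line per "O DaemonPortOptions=" entry: "<scope> <addr> <name>".
# An entry with no Addr= key binds to every interface, so it is "exposed".
classify_daemon_options() {
    [ -r "$1" ] || return 2
    awk '
    /^O[ \t]+DaemonPortOptions[ \t]*=/ {
        found = 1
        sub(/^O[ \t]+DaemonPortOptions[ \t]*=/, "")
        addr = "ANY"; name = "-"
        n = split($0, kv, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", kv[i])      # trim around each key=value
            eq = index(kv[i], "=")
            if (eq == 0) continue
            key = tolower(substr(kv[i], 1, eq - 1))
            val = substr(kv[i], eq + 1)
            if (key == "addr") addr = val
            else if (key == "name") name = val
        }
        scope = (addr ~ /^127\./ || addr == "localhost" || addr == "::1") \
                ? "loopback" : "exposed"
        print scope, addr, name
    }
    # Assumption: with no DaemonPortOptions line at all, the daemon falls back
    # to its built-in default of SMTP on all interfaces.
    END { if (!found) print "exposed ANY default" }
    ' "$1"
}

# Exit status 0 only when every declared listener is bound to loopback.
sendmail_is_loopback_only() {
    [ -r "$1" ] || return 2
    ! classify_daemon_options "$1" | grep -q '^exposed '
}

# --- Constructed sample inputs (not taken from any real host) ---------------
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Shape of the shipped default: MTA bound to the local host only.
cat > "$demo_dir/default.cf" <<'EOF'
# SMTP daemon options
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
EOF

# A host reconfigured to receive mail from the network.
cat > "$demo_dir/remote.cf" <<'EOF'
# SMTP daemon options
#O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Port=smtp, Name=MTA
O DaemonPortOptions=Port=submission, Name=MSA, M=Ea
EOF

for cf in "$demo_dir/default.cf" "$demo_dir/remote.cf"; do
    echo "== $cf"
    classify_daemon_options "$cf"
    if sendmail_is_loopback_only "$cf"; then
        echo "verdict: local delivery only; patch at normal priority"
    else
        echo "verdict: network listener present; patch or restrict first"
    fi
done
```

A loopback-only result narrows the remote exposure but does not replace the update: local submission still passes through the same MIME handling.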

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):


6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
http://www.kb.cert.org/vuls/id/146718
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEkGAfXlSAg2UNWIIRArG9AKC/UgFZNdOwtwS766FMpHkpyMSpIACgmrSi
uENqQY8OG3JMfdlmNKyFWA0=
=8yQQ
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kdebase security update
Advisory ID:       RHSA-2006:0548-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0548.html
Issue date:        2006-06-14
Updated on:        2006-06-14
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-2449 
- - ---------------------------------------------------------------------

1. Summary:

Updated kdebase packages that correct a security flaw in kdm are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the KDE Display Manager (KDM).

Ludwig Nussel discovered a flaw in KDM. A malicious local KDM user could
use a symlink attack to read an arbitrary file that they would not normally
have permissions to read. (CVE-2006-2449)

Note: this issue does not affect the version of KDM as shipped with Red Hat
Enterprise Linux 2.1 or 3.

All users of KDM should upgrade to these updated packages which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

194581 - CVE-2006-2449 kdm file disclosure

6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
http://www.kde.org/info/security/advisory-20060615-1.txt
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEkGCUXlSAg2UNWIIRAgB3AJ92+9kfJbgMcSAfHTAqKsHct0QCdQCcDrfu
rZLBNJhSGVgly8gHmq07fTU=
=xtBa
- -----END PGP SIGNATURE-----




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBRJFb6Ypao72zK539AQGh4gQAiE1mWyRfmfN3P7+qigtIqxUDsyqtq5nh
5sE3rGcwwQZEHGHlucN5PsfYegjJtWD2QUBaI1FeW6kDP7NdjrCfoLNubhsMfWpj
5wLY5wcTn1bEmFqoQ/ZhWNPdmJ7WQzQrejWQWj5jIc279kJOcHPsG3aCu2pTJ9/q
+ih0dzQRWyQ=
=RYHU
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
